Intelligent CISO Issue 10 - Page 43

E R T N P X E INIO OP most companies, a risk manager is in charge of employee monitoring, fraud detection and internal investigation. What tools will allow you to monitor internal corporate risks online? Analysis of the level of internal corporate risks, the provision of practices in internal investigations and anti-corruption programmes is also a task for the internal audit officer. Yet in smaller companies, employees of the information security department can perform these duties. The main point is that a person assuming responsibilities has to understand business processes, know who is who in a company, have investigation experience and a strong analytical mindset. In my opinion, two main systems help to secure internal control – a DLP solution and employee monitoring software (EMS). On the one hand, DLP is a major priority for enterprises these days in order to protect confidential information from leakage and to analyse huge amounts of data. www.intelligentciso.com | Issue 10 On the other hand, the solution doesn’t have enough resources to facilitate regulatory compliance and investigation processes. Employee monitoring tools intercept and collect loads of information on a company’s staff, which enables corporate fraud investigation and abnormal behaviour detection. However, this software, as well as UEBA, has no convenient analytical instruments and readable reports, and thus raw data is accumulating. As a result, to perform investigations and detect employees involved in fraudulent schemes a company has to implement a solution that includes the features of EMS and DLP with modern forensic technology and a wide range of reports. u 43